Microgrids and Security – Fortifying the Smart Grid

If you pose the question, “What keeps you awake at night?” to people at Homeland Security, the Department of Energy, or many utility resources in this country, you’ll get an answer about securing the grid.  Physical security concentrates on protecting assets from tampering and destruction – like transmission lines, vital substations, and the equipment that communicates with these assets.  Cyber security focuses on the data that is transmitted by the communications and computer networks used by generators, transmission companies, and utilities.  Think about all those transmission towers marching across miles and miles of remote American locations.  If a couple towers were physically disabled through malicious intent, it would have some impact on grid reliability and stability.  However, the most worrisome security threats are cyber-based, in which hackers remotely disable or destroy grid infrastructure, resulting in widespread blackouts that could last months, not hours. 

Harking back to that saying again, “don’t put all your eggs in one basket”, microgrids offer a solution to some physical and cyber security concerns.  Placing generation sources throughout the grid and having the ability to “island” or isolate important electricity users in microgrids can at least reduce the impacts of a cyber strike.  Instead of completely disrupting all grid-supplied operations, these mission-critical functions could continue under their own power.  The US military is already planning microgrids for fixed and mobile bases, and has projects underway at Wheeler Air Base in Hawaii and Twentynine Palms Base in California.  These microgrids should have designs for complete power self-sufficiency that can last for months to address the worst-case scenario – the cyber equivalent of a Pearl Harbor attack. 

However, some security specialists point out that microgrids increase the “attack surface” by offering more points of access to the larger grid where the microgrid has communications connections, or even the electricity lines themselves.  And it’s true, communications systems, and these are mostly IP-based, do have vulnerabilities that can be exploited by hackers.  Therefore, microgrid designers and operators need to take precautions to ensure that the industrial control systems (also known as SCADA systems – Supervisory Control and Data Acquisition) and other points of cyber access must be as secure as larger grid operations. 

The traditional electrical grid used to rely on obscurity as a form of cyber security protection.  Closed systems and proprietary solutions made it difficult for hackers to gain access.  However, the Smart Grid is triggering an open and IP-based communications transformation in the grid’s transmission and distribution networks.  Therefore, the same security measures and practices that are being deployed in utility-scale grids must be adapted for use in microgrids.  However, where utilities have full time operations personnel devoted to security monitoring, microgrids may not have sufficient resources to duplicate this arrangement.  Microgrids need automated monitoring to detect intrusions and trigger immediate responses, and use best practices and frequent audits to identify and correct weaknesses in their physical and cyber security perimeters.      

Microgrids improve overall grid reliability and security.  They make it easier to quickly integrate renewable sources of generation into the grid.  The benefits that microgrids contribute to our overall electrical grid outweigh the security risks to it, but it does mean caution must be exercised in building out a microgrid infrastructure that is interconnected to the Smart Grid.

You can learn more about microgrid security at the Smart Grid Cyber Security Summit in San Jose on Tuesday and Wednesday.  I’ll be there moderating a session on microgrid security – see you there!